
Cisco Umbrella agent in unprotected state

manvik
Level 3

Hi,

Using the Cisco Umbrella roaming agent on Windows 10 computers. The agent always stays in the unprotected state, but there's internet connectivity and even tracert to the OpenDNS IP works.

Anyone any idea why?

The log shows:

2021-02-05 10:00:05 [5240] [DEBUG] < 21> Dns Protection IPv4 State Machine: probing for OpenDNS resolvers at addresses 208.67.222.222, 208.67.220.220, port 443
2021-02-05 10:00:05 [5240] [DEBUG] < 23> Dns Protection IPv6 State Machine: rejected all candidate resolvers for port 443

 

2021-02-05 10:00:05 [5240] [DEBUG] < 21> Dns Protection IPv4 State Machine: probing for OpenDNS resolvers at addresses 208.67.222.222, 208.67.220.220, port 443
2021-02-05 10:00:05 [5240] [INFO ] < 24> IP BLOCKING: forwarding interface not available; can not add route for 3.22.224.144/32
2021-02-05 10:00:05 [5240] [DEBUG] < 23> Dns Protection IPv6 State Machine: rejected all candidate resolvers for port 443
2021-02-05 10:00:05 [5240] [DEBUG] < 23> Dns Protection IPv6 State Machine: checking reachability of secondary OpenDNS resolver candidates using port 53 (candidates are 208.67.222.222, 208.67.220.220)

4 Replies

@manvik 

It's probably because the client device doesn't have full connectivity to the Umbrella cloud. What protocols/ports are you permitting to the Umbrella cloud servers?

Unprotected—The policy is not currently being enforced; the computer is unable to communicate with our DNS servers.

Refer to the following guides for the protocols/ports/IP addresses:

https://support.umbrella.com/hc/en-us/articles/230901248-Umbrella-Roaming-Client-Unprotected-and-Unencrypted

https://docs.umbrella.com/deployment-umbrella/docs/2-prerequisites-update

 

Thank you @Rob Ingram 

It's just a Windows system and internet. There's only an internet router in between.

UDP 53 and TCP 443 are open for sure.

Tracert to the OpenDNS IP is working.

Check your .NET Framework, it needs to be 4.5 or greater.

Hi @Rob Ingram 

Wondering whether Umbrella sends any alert if an agent goes into unprotected state. How else can an administrator know one of their employees' laptops is not protected and their system is compromised?
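
Added example, not part of the thread and not Cisco tooling: a small Python parser for the roaming-client log excerpt posted in the question, summarising which resolver ports each DNS protection state machine probed or rejected and which IP-blocking routes could not be added. The line layout is inferred from that excerpt only, and `summarize` and the pattern names are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: log lines copied from the question in this thread.
SAMPLE_LOG = """\
2021-02-05 10:00:05 [5240] [DEBUG] < 21> Dns Protection IPv4 State Machine: probing for OpenDNS resolvers at addresses 208.67.222.222, 208.67.220.220, port 443
2021-02-05 10:00:05 [5240] [INFO ] < 24> IP BLOCKING: forwarding interface not available; can not add route for 3.22.224.144/32
2021-02-05 10:00:05 [5240] [DEBUG] < 23> Dns Protection IPv6 State Machine: rejected all candidate resolvers for port 443
2021-02-05 10:00:05 [5240] [DEBUG] < 23> Dns Protection IPv6 State Machine: checking reachability of secondary OpenDNS resolver candidates using port 53 (candidates are 208.67.222.222, 208.67.220.220)
"""

# Assumed layout (inferred from the sample): timestamp [id] [LEVEL] <n> message
LINE = re.compile(r"^(\S+ \S+) \[(\d+)\] \[(\w+)\s*\] <\s*(\d+)> (.*)$")
STATE = re.compile(r"^Dns Protection (IPv[46]) State Machine: (.*)$")
PORT = re.compile(r"port (\d+)")
ROUTE = re.compile(r"^IP BLOCKING: .*can not add route for (\S+)$")

def summarize(log_text):
    """Return per-family probed/rejected ports and failed IP-blocking routes."""
    probed = defaultdict(set)
    rejected = defaultdict(set)
    route_failures = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or unrecognised line
        msg = m.group(5)
        route = ROUTE.match(msg)
        if route:
            route_failures.append(route.group(1))
            continue
        state = STATE.match(msg)
        if not state:
            continue
        family, detail = state.groups()
        port = PORT.search(detail)
        if not port:
            continue
        # "rejected all ..." lines are failures; other lines are probe attempts
        target = rejected if detail.startswith("rejected all") else probed
        target[family].add(int(port.group(1)))
    return {
        "probed": {f: sorted(p) for f, p in probed.items()},
        "rejected": {f: sorted(p) for f, p in rejected.items()},
        "route_failures": route_failures,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A port that appears under `rejected` without a later successful state for the same family is the line to chase when comparing against the firewall rules for UDP 53 and TCP 443.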